Understanding the Architecture
  • 02 May 2024


Understanding the Architecture of Abblix OIDC Server

The Abblix OIDC Server stands out as a pioneering solution in the realm of authentication technologies, providing a secure, scalable and adaptable platform
for authentication and authorization services. Let's delve into the architecture, highlighting its distinctive features, core components and integration capabilities that contribute to
its significant position in the industry.

Basic Concepts

Constructed on the principles of Hexagonal Architecture, the Abblix OIDC Server prioritizes the separation of concerns by isolating its core logic through interfaces.
Known alternatively as the Ports and Adapters architecture, this approach distinctly separates the application's core functionality from external interactions, ensuring the system remains flexible,
easily testable, and adaptable to diverse environmental or interface requirements.

Core

At the heart of the Hexagonal Architecture lies the Core. In the context of Abblix OIDC Server, the Core encompasses the essential business logic and rules specific to authentication and authorization processes.
This includes handling of OpenID Connect protocols, token generation, validation, user session management and the execution of authentication flows.
The Core is agnostic to the external entities it communicates with, such as databases, web services or user interfaces. Its primary focus is on performing the fundamental operations correctly and efficiently.

Ports

Ports are the interfaces through which the Core interacts with the outside world. They represent the high-level capabilities or services the application provides, abstracted in a way that external actors
or systems can utilize without needing to know the inner workings of the Core.

In Abblix OIDC Server, Ports might include:

  • API Endpoints: Interfaces for receiving authentication requests, token requests, and other OpenID Connect-specific operations.
  • Data Access: Abstractions for how data (e.g., tokens, user sessions, client configurations) is stored and retrieved, which could be through databases or external services.

Ports act as contractual boundaries that define what functionalities are available from the Core, ensuring that external changes do not affect the core business logic.

Adapters

Adapters are the implementations that connect the Ports to the actual external services or systems. They translate the external requests into operations that the Core can understand and execute,
and conversely, adapt the Core's responses back to forms suitable for the external world.

In the Abblix OIDC Server, Adapters might include:

  • Web Controllers: These adapt HTTP requests into calls to the application's Core services, handling web-specific protocols and data formats.
  • Database Connectors: They translate the Core's data access interfaces into actual queries to a relational database, NoSQL store, or other persistence mechanisms.
  • Client Libraries: Software components that enable other applications to interact with the Abblix OIDC Server, adapting the server's functionalities into convenient methods for external use.

By employing a Hexagonal Architecture, Abblix OIDC Server ensures that its core functionality remains stable, secure, and isolated from external changes, whether those changes
come from new user interface requirements, different database technologies, or alternative methods of external communication.
This architecture simplifies testing, as the Core can be tested in isolation from its external connections, and promotes flexibility, allowing new Adapters to be developed
for different environments without altering the Core's logic.

Understanding Endpoints

In the realms of OAuth 2.0 and OpenID Connect, endpoints typically refer to URLs utilized by clients to carry out a variety of actions, from requesting tokens and retrieving user information to initiating logout procedures.
But when we explore the architecture of the Abblix OIDC Server's core, we see endpoints as more than just URLs; they are abstract logical units that group specific functionalities.
Each endpoint within Abblix OIDC Server is designed according to the same architectural principles as all other endpoints.
This means that by understanding the structure and functionality of one Endpoint, you get insight into the entire system. So let's look inside a typical endpoint.

The Role of Handlers

Central to each endpoint is its Handler, a component tasked with coordinating the operations associated with that endpoint. The Handler is where the orchestration of endpoint-specific processes occurs,
ensuring that requests are processed efficiently and securely. To achieve this, a typical Handler is composed of two key elements: a Validator and a Processor.

Validators

Validators are the first line of defense, tasked with examining incoming requests for authenticity and compliance with established protocols. This step is crucial for filtering out invalid or malicious requests
before they proceed further into the system. To manage the complexity inherent in validating diverse and multifaceted requests, some of our more complex Validators are structured as a pipeline of simpler validation steps
sharing a common validation context. This design adheres to the Composite pattern, where each step in the pipeline is responsible for validating a single aspect of the request. This modular approach allows for thorough
and efficient validation processes, ensuring that each component of a request is individually assessed for compliance, thereby enhancing the overall security and reliability of the server.
By decomposing complex validation tasks into manageable, focused checks, we ensure a high level of detail in our security measures, reflecting our commitment to maintaining a secure and trustworthy authentication platform.

Processors

Processors take over after a request has been validated. They're tasked with carrying out the necessary actions based on the request, such as generating tokens or managing sessions,
crucial for authentication and authorization. Unlike Validators, which ensure requests meet certain criteria, Processors actively perform actions or modify the system's state,
directly impacting the server's operation and user experience.
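
The Handler, Validator pipeline and Processor described above, as an added example (not Abblix's code; every type name is hypothetical): each step checks one aspect of an authorization request through a shared context, and the steps are ordered so that no error may be redirected until redirect_uri has exactly matched a registered value. It assumes C# 12 on .NET 8 or later and uses constructed sample data.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

// Constructed registration data; every type below is hypothetical, not Abblix's API.
var clients = new Dictionary<string, Client> {
    ["web-app"] = new Client("web-app", new[] { "https://app.example/callback" }) };
var handler = new Handler(new IStep[] { new ClientStep(clients), new RedirectUriStep(), new ResponseTypeStep() });
Console.WriteLine(handler.Handle(new AuthRequest("web-app", "https://app.example/callback", "code")));
Console.WriteLine(handler.Handle(new AuthRequest("web-app", "https://other.example/callback", "code")));
Console.WriteLine(handler.Handle(new AuthRequest("web-app", "https://app.example/callback", "bogus")));

record Client(string Id, string[] RedirectUris);
record AuthRequest(string ClientId, string RedirectUri, string ResponseType);
// MayRedirect: whether the web adapter may deliver this error to the request's redirect_uri.
record Error(string Code, bool MayRedirect);
// Shared validation context: later steps read what earlier steps resolved.
record Context(AuthRequest Request) { public Client? Client { get; set; } }
interface IStep { Error? Validate(Context ctx); }

class ClientStep(IReadOnlyDictionary<string, Client> clients) : IStep {
    public Error? Validate(Context ctx) {
        if (!clients.TryGetValue(ctx.Request.ClientId, out var client))
            return new Error("unauthorized_client", MayRedirect: false);
        ctx.Client = client;
        return null;
    }
}
class RedirectUriStep : IStep {   // exact ordinal match; no prefix or pattern matching
    public Error? Validate(Context ctx) =>
        ctx.Client!.RedirectUris.Contains(ctx.Request.RedirectUri, StringComparer.Ordinal)
            ? null : new Error("invalid_request", MayRedirect: false);
}
class ResponseTypeStep : IStep {  // runs once redirect_uri is trusted, so its error may be redirected
    public Error? Validate(Context ctx) =>
        ctx.Request.ResponseType == "code" ? null : new Error("unsupported_response_type", MayRedirect: true);
}
class Handler(IReadOnlyList<IStep> steps) {
    public string Handle(AuthRequest request) {
        var ctx = new Context(request);
        foreach (var step in steps)   // Validator: stop at the first failed step
            if (step.Validate(ctx) is { } error)
                return $"rejected: {error.Code}, redirect allowed: {error.MayRedirect}";
        // Processor: changes state only for a fully validated request (here, mints a code).
        var code = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        return $"code {code} issued to {ctx.Client!.Id} for {request.RedirectUri}";
    }
}
```

The second request is rejected with the redirect flag off because its redirect_uri is not registered, while the third may report its error to the already verified redirect_uri.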

Features

Under the hood of Processors, the concept of Features is introduced. As specialized application-level services, Features concentrate on distinct, isolated functionalities within the server.
Processors typically engage several Features, which in turn can leverage other Features, embodying a highly interconnected system. By following the Single Responsibility Principle (SRP),
each Feature is responsible for one specific task, like Client Application, Session Management, URL Validation, Token Handling, etc. You can think of them as the tiles in our mosaic,
where each tile has its own color and its shape is very simple. But when you step back, all those tiles blend together to make a brilliant picture.
Another great aspect of this approach is that when the server needs new capabilities, we can easily add new tiles and reuse existing ones to make a bigger picture.
It means the Abblix OIDC Server can easily adapt to new needs, demands, and challenges, keeping it on the cutting edge of authentication technologies.

Modular and Extensible

The architectural decision to structure the Core around abstract logical endpoints, each powered by a specialized Handler, affords Abblix a significant degree of modularity and extensibility.
This design facilitates the seamless integration of new functionalities and enhancements, allowing Abblix to adapt to evolving digital security landscapes without disrupting its foundational mechanisms.

By conceptualizing endpoints as abstract units and delineating the roles of Handlers, Validators, and Processors, the Abblix OIDC Server stands as a testament to the thoughtful integration
of design principles and operational efficiency, ensuring a secure, user-friendly authentication experience.

Integration and Flexibility

Abblix OIDC Server's integration capabilities showcase its exceptional design, offering seamless compatibility with ASP.NET. This design philosophy extends beyond mere technical integration;
it reflects a deep commitment to align with the .NET ecosystem in a way that respects and leverages the tools and practices developers are already familiar with.

Developing the Abblix OIDC Server, we made a deliberate choice to focus on OpenID Connect functionalities, ensuring that the essence of what makes OpenID Connect so powerful is preserved
and optimized within our architecture. However, we recognize the vast array of mechanisms developers rely on in their projects - ranging from data binding and routing to CORS implementation and beyond.
Our goal is not to compel you to discard these tried-and-true mechanisms in favor of our analogs but to allow you to integrate the Abblix OIDC Server into your solution effortlessly.

As a developer, you can continue to use all the .NET ecosystem's tools and features you are accustomed to. Our efforts are concentrated on ensuring the Abblix OIDC Server enhances your projects
by fitting in with the tools you already know, use and trust. This approach not only simplifies the integration process but also minimizes the learning curve, allowing you to focus on creating secure,
efficient, and user-friendly applications without the need to navigate unnecessary complexities.

Our commitment to this principle of integration and flexibility is a testament to our understanding of the development landscape. We strive to make the Abblix OIDC Server not just an addition
to your development toolkit but a seamless extension of it, enhancing your applications' security and authentication flows without disrupting your established development practices.

Conclusion

The Abblix OIDC Server emerges as a leading solution for implementing secure, efficient authentication systems, thanks to its intelligently designed, hexagonal, and modular structure.
This design ensures ease of use and adaptability for developers. Distinguished by its unwavering commitment to security, scalability, and compatibility across various tech environments, Abblix provides
a dependable and user-friendly platform, paving the way for secure online access.
